@azure/msal-browser 4.27.0 → 4.28.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (376) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.d.ts +3 -3
  11. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  12. package/dist/cache/BrowserCacheManager.mjs +12 -8
  13. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  14. package/dist/cache/CacheHelpers.mjs +1 -1
  15. package/dist/cache/CacheKeys.mjs +1 -1
  16. package/dist/cache/CookieStorage.mjs +1 -1
  17. package/dist/cache/DatabaseStorage.mjs +1 -1
  18. package/dist/cache/EncryptedData.mjs +1 -1
  19. package/dist/cache/LocalStorage.mjs +1 -1
  20. package/dist/cache/MemoryStorage.mjs +1 -1
  21. package/dist/cache/SessionStorage.mjs +1 -1
  22. package/dist/cache/TokenCache.d.ts +3 -2
  23. package/dist/cache/TokenCache.d.ts.map +1 -1
  24. package/dist/cache/TokenCache.mjs +50 -35
  25. package/dist/cache/TokenCache.mjs.map +1 -1
  26. package/dist/config/Configuration.mjs +1 -1
  27. package/dist/controllers/ControllerFactory.mjs +1 -1
  28. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  29. package/dist/controllers/NestedAppAuthController.mjs +3 -3
  30. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  31. package/dist/controllers/StandardController.d.ts.map +1 -1
  32. package/dist/controllers/StandardController.mjs +3 -3
  33. package/dist/controllers/StandardController.mjs.map +1 -1
  34. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  35. package/dist/crypto/BrowserCrypto.mjs +1 -1
  36. package/dist/crypto/CryptoOps.mjs +1 -1
  37. package/dist/crypto/PkceGenerator.mjs +1 -1
  38. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  39. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  40. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  44. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  45. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  46. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts +3 -3
  47. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  48. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +12 -8
  49. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  50. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  51. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  52. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  53. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  55. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/TokenCache.d.ts +3 -2
  59. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  60. package/dist/custom-auth-path/cache/TokenCache.mjs +50 -35
  61. package/dist/custom-auth-path/cache/TokenCache.mjs.map +1 -1
  62. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  63. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  64. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  65. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  66. package/dist/custom-auth-path/controllers/StandardController.mjs +3 -3
  67. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  68. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  69. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  70. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  72. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +3 -3
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs.map +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +2 -2
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs.map +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +2 -2
  119. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs.map +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  144. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +2 -2
  145. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs.map +1 -1
  146. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +6 -6
  173. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs.map +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  181. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  184. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  185. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  186. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  187. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  188. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  189. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  190. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  191. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  192. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  193. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  194. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  195. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  196. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  197. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  198. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  199. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  200. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  201. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  202. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +3 -3
  203. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  205. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +2 -2
  208. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  209. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  210. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  212. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +2 -2
  213. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs.map +1 -1
  214. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_handler/InteractionHandler.d.ts +3 -2
  216. package/dist/custom-auth-path/interaction_handler/InteractionHandler.d.ts.map +1 -1
  217. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +5 -5
  218. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs.map +1 -1
  219. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  220. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  221. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  222. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  223. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  224. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  225. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  226. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  227. package/dist/custom-auth-path/protocol/Authorize.mjs +3 -3
  228. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  229. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  230. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  231. package/dist/custom-auth-path/utils/BrowserConstants.d.ts +20 -1
  232. package/dist/custom-auth-path/utils/BrowserConstants.d.ts.map +1 -1
  233. package/dist/custom-auth-path/utils/BrowserConstants.mjs +27 -3
  234. package/dist/custom-auth-path/utils/BrowserConstants.mjs.map +1 -1
  235. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  236. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  237. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  238. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  239. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  240. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  241. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  242. package/dist/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  243. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  244. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  245. package/dist/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  246. package/dist/encode/Base64Decode.mjs +1 -1
  247. package/dist/encode/Base64Encode.mjs +1 -1
  248. package/dist/error/BrowserAuthError.mjs +1 -1
  249. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  250. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  251. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  252. package/dist/error/NativeAuthError.mjs +1 -1
  253. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  254. package/dist/error/NestedAppAuthError.mjs +1 -1
  255. package/dist/event/EventHandler.mjs +1 -1
  256. package/dist/event/EventMessage.mjs +1 -1
  257. package/dist/event/EventType.mjs +1 -1
  258. package/dist/index.mjs +1 -1
  259. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  260. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  261. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  262. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +3 -3
  263. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  264. package/dist/interaction_client/PopupClient.mjs +1 -1
  265. package/dist/interaction_client/RedirectClient.mjs +1 -1
  266. package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  267. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  268. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  269. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  270. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  271. package/dist/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  272. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  273. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  274. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  275. package/dist/interaction_handler/InteractionHandler.d.ts +3 -2
  276. package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
  277. package/dist/interaction_handler/InteractionHandler.mjs +5 -5
  278. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  279. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  280. package/dist/naa/BridgeError.mjs +1 -1
  281. package/dist/naa/BridgeProxy.mjs +1 -1
  282. package/dist/naa/BridgeStatusCode.mjs +1 -1
  283. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  284. package/dist/navigation/NavigationClient.mjs +1 -1
  285. package/dist/network/FetchClient.mjs +1 -1
  286. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  287. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  288. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  289. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  290. package/dist/packageMetadata.d.ts +1 -1
  291. package/dist/packageMetadata.mjs +2 -2
  292. package/dist/protocol/Authorize.d.ts.map +1 -1
  293. package/dist/protocol/Authorize.mjs +3 -3
  294. package/dist/protocol/Authorize.mjs.map +1 -1
  295. package/dist/request/RequestHelpers.mjs +1 -1
  296. package/dist/response/ResponseHandler.mjs +1 -1
  297. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  298. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  299. package/dist/utils/BrowserConstants.d.ts +20 -1
  300. package/dist/utils/BrowserConstants.d.ts.map +1 -1
  301. package/dist/utils/BrowserConstants.mjs +27 -3
  302. package/dist/utils/BrowserConstants.mjs.map +1 -1
  303. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  304. package/dist/utils/BrowserUtils.mjs +1 -1
  305. package/dist/utils/Helpers.mjs +1 -1
  306. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  307. package/lib/custom-auth-path/msal-custom-auth.cjs +227 -153
  308. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  309. package/lib/custom-auth-path/msal-custom-auth.js +22632 -0
  310. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -0
  311. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts +3 -3
  312. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  313. package/lib/custom-auth-path/types/cache/TokenCache.d.ts +3 -2
  314. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  315. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  316. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  317. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  318. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  319. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  320. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  321. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  322. package/lib/custom-auth-path/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  323. package/lib/custom-auth-path/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  324. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  325. package/lib/custom-auth-path/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  326. package/lib/custom-auth-path/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  327. package/lib/custom-auth-path/types/interaction_handler/InteractionHandler.d.ts +3 -2
  328. package/lib/custom-auth-path/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  329. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  330. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  331. package/lib/custom-auth-path/types/utils/BrowserConstants.d.ts +20 -1
  332. package/lib/custom-auth-path/types/utils/BrowserConstants.d.ts.map +1 -1
  333. package/lib/msal-browser.cjs +220 -146
  334. package/lib/msal-browser.cjs.map +1 -1
  335. package/lib/msal-browser.js +220 -146
  336. package/lib/msal-browser.js.map +1 -1
  337. package/lib/msal-browser.min.js +63 -63
  338. package/lib/types/cache/BrowserCacheManager.d.ts +3 -3
  339. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  340. package/lib/types/cache/TokenCache.d.ts +3 -2
  341. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  342. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  343. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  344. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  345. package/lib/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  346. package/lib/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  347. package/lib/types/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  348. package/lib/types/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  349. package/lib/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  350. package/lib/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  351. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  352. package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  353. package/lib/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  354. package/lib/types/interaction_handler/InteractionHandler.d.ts +3 -2
  355. package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  356. package/lib/types/packageMetadata.d.ts +1 -1
  357. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  358. package/lib/types/utils/BrowserConstants.d.ts +20 -1
  359. package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
  360. package/package.json +2 -2
  361. package/src/cache/BrowserCacheManager.ts +19 -5
  362. package/src/cache/TokenCache.ts +142 -80
  363. package/src/controllers/NestedAppAuthController.ts +2 -1
  364. package/src/controllers/StandardController.ts +4 -2
  365. package/src/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.ts +4 -2
  366. package/src/custom_auth/core/interaction_client/jit/JitClient.ts +2 -1
  367. package/src/custom_auth/core/interaction_client/mfa/MfaClient.ts +2 -1
  368. package/src/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.ts +2 -1
  369. package/src/custom_auth/sign_in/interaction_client/SignInClient.ts +10 -5
  370. package/src/interaction_client/PlatformAuthInteractionClient.ts +3 -1
  371. package/src/interaction_client/SilentAuthCodeClient.ts +1 -0
  372. package/src/interaction_client/SilentRefreshClient.ts +7 -5
  373. package/src/interaction_handler/InteractionHandler.ts +10 -3
  374. package/src/packageMetadata.ts +1 -1
  375. package/src/protocol/Authorize.ts +2 -1
  376. package/src/utils/BrowserConstants.ts +27 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.27.0 2025-12-04 */
1
+ /*! @azure/msal-browser v4.28.1 2026-01-17 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -279,7 +279,7 @@ const JsonWebTokenTypes = {
279
279
  // Token renewal offset default in seconds
280
280
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
281
281
 
282
- /*! @azure/msal-common v15.13.3 2025-12-04 */
282
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
283
283
  /*
284
284
  * Copyright (c) Microsoft Corporation. All rights reserved.
285
285
  * Licensed under the MIT License.
@@ -296,7 +296,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
296
296
  unexpectedError: unexpectedError
297
297
  });
298
298
 
299
- /*! @azure/msal-common v15.13.3 2025-12-04 */
299
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
300
300
 
301
301
  /*
302
302
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -345,7 +345,7 @@ function createAuthError(code, additionalMessage) {
345
345
  : AuthErrorMessages[code]);
346
346
  }
347
347
 
348
- /*! @azure/msal-common v15.13.3 2025-12-04 */
348
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
349
349
  /*
350
350
  * Copyright (c) Microsoft Corporation. All rights reserved.
351
351
  * Licensed under the MIT License.
@@ -445,7 +445,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
445
445
  userTimeoutReached: userTimeoutReached
446
446
  });
447
447
 
448
- /*! @azure/msal-common v15.13.3 2025-12-04 */
448
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
449
449
 
450
450
  /*
451
451
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -702,7 +702,7 @@ function createClientAuthError(errorCode, additionalMessage) {
702
702
  return new ClientAuthError(errorCode, additionalMessage);
703
703
  }
704
704
 
705
- /*! @azure/msal-common v15.13.3 2025-12-04 */
705
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
706
706
 
707
707
  /*
708
708
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -741,7 +741,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
741
741
  },
742
742
  };
743
743
 
744
- /*! @azure/msal-common v15.13.3 2025-12-04 */
744
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
745
745
 
746
746
  /*
747
747
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -932,12 +932,12 @@ class Logger {
932
932
  }
933
933
  }
934
934
 
935
- /*! @azure/msal-common v15.13.3 2025-12-04 */
935
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
936
936
  /* eslint-disable header/header */
937
937
  const name$1 = "@azure/msal-common";
938
- const version$1 = "15.13.3";
938
+ const version$1 = "15.14.1";
939
939
 
940
- /*! @azure/msal-common v15.13.3 2025-12-04 */
940
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
941
941
  /*
942
942
  * Copyright (c) Microsoft Corporation. All rights reserved.
943
943
  * Licensed under the MIT License.
@@ -957,7 +957,7 @@ const AzureCloudInstance = {
957
957
  AzureUsGovernment: "https://login.microsoftonline.us",
958
958
  };
959
959
 
960
- /*! @azure/msal-common v15.13.3 2025-12-04 */
960
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
961
961
  /*
962
962
  * Copyright (c) Microsoft Corporation. All rights reserved.
963
963
  * Licensed under the MIT License.
@@ -1015,7 +1015,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
1015
1015
  urlParseError: urlParseError
1016
1016
  });
1017
1017
 
1018
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1018
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1019
1019
 
1020
1020
  /*
1021
1021
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1163,7 +1163,7 @@ function createClientConfigurationError(errorCode) {
1163
1163
  return new ClientConfigurationError(errorCode);
1164
1164
  }
1165
1165
 
1166
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1166
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1167
1167
  /*
1168
1168
  * Copyright (c) Microsoft Corporation. All rights reserved.
1169
1169
  * Licensed under the MIT License.
@@ -1260,7 +1260,7 @@ class StringUtils {
1260
1260
  }
1261
1261
  }
1262
1262
 
1263
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1263
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1264
1264
 
1265
1265
  /*
1266
1266
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1455,7 +1455,7 @@ class ScopeSet {
1455
1455
  }
1456
1456
  }
1457
1457
 
1458
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1458
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1459
1459
 
1460
1460
  /*
1461
1461
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1495,7 +1495,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
1495
1495
  };
1496
1496
  }
1497
1497
 
1498
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1498
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1499
1499
  /*
1500
1500
  * Copyright (c) Microsoft Corporation. All rights reserved.
1501
1501
  * Licensed under the MIT License.
@@ -1577,7 +1577,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1577
1577
  return updatedAccountInfo;
1578
1578
  }
1579
1579
 
1580
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1580
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1581
1581
  /*
1582
1582
  * Copyright (c) Microsoft Corporation. All rights reserved.
1583
1583
  * Licensed under the MIT License.
@@ -1592,7 +1592,7 @@ const AuthorityType = {
1592
1592
  Ciam: 3,
1593
1593
  };
1594
1594
 
1595
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1595
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1596
1596
  /*
1597
1597
  * Copyright (c) Microsoft Corporation. All rights reserved.
1598
1598
  * Licensed under the MIT License.
@@ -1614,7 +1614,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
1614
1614
  return null;
1615
1615
  }
1616
1616
 
1617
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1617
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1618
1618
  /*
1619
1619
  * Copyright (c) Microsoft Corporation. All rights reserved.
1620
1620
  * Licensed under the MIT License.
@@ -1638,7 +1638,7 @@ const ProtocolMode = {
1638
1638
  EAR: "EAR",
1639
1639
  };
1640
1640
 
1641
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1641
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1642
1642
 
1643
1643
  /*
1644
1644
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1672,6 +1672,13 @@ class AccountEntity {
1672
1672
  * Returns the AccountInfo interface for this account.
1673
1673
  */
1674
1674
  static getAccountInfo(accountEntity) {
1675
+ const tenantProfiles = accountEntity.tenantProfiles || [];
1676
+ // Ensure at least the home tenant profile exists
1677
+ if (tenantProfiles.length === 0 &&
1678
+ accountEntity.realm &&
1679
+ accountEntity.localAccountId) {
1680
+ tenantProfiles.push(buildTenantProfile(accountEntity.homeAccountId, accountEntity.localAccountId, accountEntity.realm));
1681
+ }
1675
1682
  return {
1676
1683
  homeAccountId: accountEntity.homeAccountId,
1677
1684
  environment: accountEntity.environment,
@@ -1683,7 +1690,7 @@ class AccountEntity {
1683
1690
  nativeAccountId: accountEntity.nativeAccountId,
1684
1691
  authorityType: accountEntity.authorityType,
1685
1692
  // Deserialize tenant profiles array into a Map
1686
- tenantProfiles: new Map((accountEntity.tenantProfiles || []).map((tenantProfile) => {
1693
+ tenantProfiles: new Map(tenantProfiles.map((tenantProfile) => {
1687
1694
  return [tenantProfile.tenantId, tenantProfile];
1688
1695
  })),
1689
1696
  dataBoundary: accountEntity.dataBoundary,
@@ -1784,7 +1791,14 @@ class AccountEntity {
1784
1791
  account.cloudGraphHostName = cloudGraphHostName;
1785
1792
  account.msGraphHost = msGraphHost;
1786
1793
  // Serialize tenant profiles map into an array
1787
- account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
1794
+ const tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
1795
+ // Ensure at least the home tenant profile exists
1796
+ if (tenantProfiles.length === 0 &&
1797
+ accountInfo.tenantId &&
1798
+ accountInfo.localAccountId) {
1799
+ tenantProfiles.push(buildTenantProfile(accountInfo.homeAccountId, accountInfo.localAccountId, accountInfo.tenantId, accountInfo.idTokenClaims));
1800
+ }
1801
+ account.tenantProfiles = tenantProfiles;
1788
1802
  account.dataBoundary = accountInfo.dataBoundary;
1789
1803
  return account;
1790
1804
  }
@@ -1859,7 +1873,7 @@ class AccountEntity {
1859
1873
  }
1860
1874
  }
1861
1875
 
1862
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1876
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1863
1877
 
1864
1878
  /*
1865
1879
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1940,7 +1954,7 @@ function checkMaxAge(authTime, maxAge) {
1940
1954
  }
1941
1955
  }
1942
1956
 
1943
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1957
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1944
1958
 
1945
1959
  /*
1946
1960
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2056,7 +2070,7 @@ function normalizeUrlForComparison(url) {
2056
2070
  }
2057
2071
  }
2058
2072
 
2059
- /*! @azure/msal-common v15.13.3 2025-12-04 */
2073
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
2060
2074
 
2061
2075
  /*
2062
2076
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2220,7 +2234,7 @@ class UrlString {
2220
2234
  }
2221
2235
  }
2222
2236
 
2223
- /*! @azure/msal-common v15.13.3 2025-12-04 */
2237
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
2224
2238
 
2225
2239
  /*
2226
2240
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2359,7 +2373,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2359
2373
  return null;
2360
2374
  }
2361
2375
 
2362
- /*! @azure/msal-common v15.13.3 2025-12-04 */
2376
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
2363
2377
  /*
2364
2378
  * Copyright (c) Microsoft Corporation. All rights reserved.
2365
2379
  * Licensed under the MIT License.
@@ -2367,7 +2381,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2367
2381
  const cacheQuotaExceeded = "cache_quota_exceeded";
2368
2382
  const cacheErrorUnknown = "cache_error_unknown";
2369
2383
 
2370
- /*! @azure/msal-common v15.13.3 2025-12-04 */
2384
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
2371
2385
 
2372
2386
  /*
2373
2387
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2412,7 +2426,7 @@ function createCacheError(e) {
2412
2426
  }
2413
2427
  }
2414
2428
 
2415
- /*! @azure/msal-common v15.13.3 2025-12-04 */
2429
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
2416
2430
 
2417
2431
  /*
2418
2432
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2582,15 +2596,16 @@ class CacheManager {
2582
2596
  * @param cacheRecord {CacheRecord}
2583
2597
  * @param correlationId {?string} correlation id
2584
2598
  * @param kmsi - Keep Me Signed In
2599
+ * @param apiId - API identifier for telemetry tracking
2585
2600
  * @param storeInCache {?StoreInCache}
2586
2601
  */
2587
- async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
2602
+ async saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache) {
2588
2603
  if (!cacheRecord) {
2589
2604
  throw createClientAuthError(invalidCacheRecord);
2590
2605
  }
2591
2606
  try {
2592
2607
  if (!!cacheRecord.account) {
2593
- await this.setAccount(cacheRecord.account, correlationId, kmsi);
2608
+ await this.setAccount(cacheRecord.account, correlationId, kmsi, apiId);
2594
2609
  }
2595
2610
  if (!!cacheRecord.idToken && storeInCache?.idToken !== false) {
2596
2611
  await this.setIdTokenCredential(cacheRecord.idToken, correlationId, kmsi);
@@ -3522,7 +3537,7 @@ class DefaultStorageClass extends CacheManager {
3522
3537
  }
3523
3538
  }
3524
3539
 
3525
- /*! @azure/msal-common v15.13.3 2025-12-04 */
3540
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
3526
3541
  /*
3527
3542
  * Copyright (c) Microsoft Corporation. All rights reserved.
3528
3543
  * Licensed under the MIT License.
@@ -3779,6 +3794,11 @@ const PerformanceEvents = {
3779
3794
  Decrypt: "decrypt",
3780
3795
  GenerateEarKey: "generateEarKey",
3781
3796
  DecryptEarResponse: "decryptEarResponse",
3797
+ LoadExternalTokens: "LoadExternalTokens",
3798
+ LoadAccount: "loadAccount",
3799
+ LoadIdToken: "loadIdToken",
3800
+ LoadAccessToken: "loadAccessToken",
3801
+ LoadRefreshToken: "loadRefreshToken",
3782
3802
  };
3783
3803
  const PerformanceEventAbbreviations = new Map([
3784
3804
  [PerformanceEvents.AcquireTokenByCode, "ATByCode"],
@@ -4044,7 +4064,7 @@ const IntFields = new Set([
4044
4064
  "upgradedCacheCount",
4045
4065
  ]);
4046
4066
 
4047
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4067
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4048
4068
 
4049
4069
  /*
4050
4070
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4123,7 +4143,7 @@ class StubPerformanceClient {
4123
4143
  }
4124
4144
  }
4125
4145
 
4126
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4146
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4127
4147
 
4128
4148
  /*
4129
4149
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4223,7 +4243,7 @@ function isOidcProtocolMode(config) {
4223
4243
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
4224
4244
  }
4225
4245
 
4226
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4246
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4227
4247
  /*
4228
4248
  * Copyright (c) Microsoft Corporation. All rights reserved.
4229
4249
  * Licensed under the MIT License.
@@ -4233,7 +4253,7 @@ const CcsCredentialType = {
4233
4253
  UPN: "UPN",
4234
4254
  };
4235
4255
 
4236
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4256
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4237
4257
  /*
4238
4258
  * Copyright (c) Microsoft Corporation. All rights reserved.
4239
4259
  * Licensed under the MIT License.
@@ -4283,7 +4303,7 @@ const INSTANCE_AWARE = "instance_aware";
4283
4303
  const EAR_JWK = "ear_jwk";
4284
4304
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4285
4305
 
4286
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4306
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4287
4307
 
4288
4308
  /*
4289
4309
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4663,7 +4683,7 @@ function addPostBodyParameters(parameters, bodyParameters) {
4663
4683
  });
4664
4684
  }
4665
4685
 
4666
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4686
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4667
4687
  /*
4668
4688
  * Copyright (c) Microsoft Corporation. All rights reserved.
4669
4689
  * Licensed under the MIT License.
@@ -4675,7 +4695,7 @@ function isOpenIdConfigResponse(response) {
4675
4695
  response.hasOwnProperty("jwks_uri"));
4676
4696
  }
4677
4697
 
4678
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4698
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4679
4699
  /*
4680
4700
  * Copyright (c) Microsoft Corporation. All rights reserved.
4681
4701
  * Licensed under the MIT License.
@@ -4685,7 +4705,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4685
4705
  response.hasOwnProperty("metadata"));
4686
4706
  }
4687
4707
 
4688
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4708
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4689
4709
  /*
4690
4710
  * Copyright (c) Microsoft Corporation. All rights reserved.
4691
4711
  * Licensed under the MIT License.
@@ -4695,7 +4715,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4695
4715
  response.hasOwnProperty("error_description"));
4696
4716
  }
4697
4717
 
4698
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4718
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4699
4719
  /*
4700
4720
  * Copyright (c) Microsoft Corporation. All rights reserved.
4701
4721
  * Licensed under the MIT License.
@@ -4791,7 +4811,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4791
4811
  };
4792
4812
  };
4793
4813
 
4794
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4814
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4795
4815
 
4796
4816
  /*
4797
4817
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4897,7 +4917,7 @@ RegionDiscovery.IMDS_OPTIONS = {
4897
4917
  },
4898
4918
  };
4899
4919
 
4900
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4920
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4901
4921
  /*
4902
4922
  * Copyright (c) Microsoft Corporation. All rights reserved.
4903
4923
  * Licensed under the MIT License.
@@ -4962,7 +4982,7 @@ function wasClockTurnedBack(cachedAt) {
4962
4982
  return cachedAtSec > nowSeconds();
4963
4983
  }
4964
4984
 
4965
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4985
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4966
4986
 
4967
4987
  /*
4968
4988
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5224,7 +5244,7 @@ function isAuthorityMetadataExpired(metadata) {
5224
5244
  return metadata.expiresAt <= nowSeconds();
5225
5245
  }
5226
5246
 
5227
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5247
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5228
5248
 
5229
5249
  /*
5230
5250
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6063,7 +6083,7 @@ function buildStaticAuthorityOptions(authOptions) {
6063
6083
  };
6064
6084
  }
6065
6085
 
6066
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6086
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6067
6087
 
6068
6088
  /*
6069
6089
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6094,7 +6114,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6094
6114
  }
6095
6115
  }
6096
6116
 
6097
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6117
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6098
6118
 
6099
6119
  /*
6100
6120
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6113,7 +6133,7 @@ class ServerError extends AuthError {
6113
6133
  }
6114
6134
  }
6115
6135
 
6116
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6136
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6117
6137
  /*
6118
6138
  * Copyright (c) Microsoft Corporation. All rights reserved.
6119
6139
  * Licensed under the MIT License.
@@ -6134,7 +6154,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
6134
6154
  };
6135
6155
  }
6136
6156
 
6137
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6157
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6138
6158
 
6139
6159
  /*
6140
6160
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6221,7 +6241,7 @@ class ThrottlingUtils {
6221
6241
  }
6222
6242
  }
6223
6243
 
6224
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6244
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6225
6245
 
6226
6246
  /*
6227
6247
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6252,7 +6272,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
6252
6272
  return new NetworkError(error, httpStatus, responseHeaders);
6253
6273
  }
6254
6274
 
6255
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6275
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6256
6276
 
6257
6277
  /*
6258
6278
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6400,7 +6420,7 @@ class BaseClient {
6400
6420
  }
6401
6421
  }
6402
6422
 
6403
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6423
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6404
6424
  /*
6405
6425
  * Copyright (c) Microsoft Corporation. All rights reserved.
6406
6426
  * Licensed under the MIT License.
@@ -6428,7 +6448,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
6428
6448
  uxNotAllowed: uxNotAllowed
6429
6449
  });
6430
6450
 
6431
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6451
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6432
6452
 
6433
6453
  /*
6434
6454
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6518,7 +6538,7 @@ function createInteractionRequiredAuthError(errorCode) {
6518
6538
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
6519
6539
  }
6520
6540
 
6521
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6541
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6522
6542
 
6523
6543
  /*
6524
6544
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6590,7 +6610,7 @@ class ProtocolUtils {
6590
6610
  }
6591
6611
  }
6592
6612
 
6593
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6613
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6594
6614
 
6595
6615
  /*
6596
6616
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6672,7 +6692,7 @@ class PopTokenGenerator {
6672
6692
  }
6673
6693
  }
6674
6694
 
6675
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6695
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6676
6696
  /*
6677
6697
  * Copyright (c) Microsoft Corporation. All rights reserved.
6678
6698
  * Licensed under the MIT License.
@@ -6699,7 +6719,7 @@ class PopTokenGenerator {
6699
6719
  }
6700
6720
  }
6701
6721
 
6702
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6722
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6703
6723
 
6704
6724
  /*
6705
6725
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6763,7 +6783,7 @@ class ResponseHandler {
6763
6783
  * @param serverTokenResponse
6764
6784
  * @param authority
6765
6785
  */
6766
- async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
6786
+ async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, apiId, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
6767
6787
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.HandleServerTokenResponse, serverTokenResponse.correlation_id);
6768
6788
  // create an idToken object (not entity)
6769
6789
  let idTokenClaims;
@@ -6811,14 +6831,19 @@ class ResponseHandler {
6811
6831
  if (handlingRefreshTokenResponse &&
6812
6832
  !forceCacheRefreshTokenResponse &&
6813
6833
  cacheRecord.account) {
6814
- const key = this.cacheStorage.generateAccountKey(AccountEntity.getAccountInfo(cacheRecord.account));
6815
- const account = this.cacheStorage.getAccount(key, request.correlationId);
6816
- if (!account) {
6834
+ const cachedAccounts = this.cacheStorage.getAllAccounts({
6835
+ homeAccountId: cacheRecord.account.homeAccountId,
6836
+ environment: cacheRecord.account.environment,
6837
+ }, request.correlationId);
6838
+ if (cachedAccounts.length < 1) {
6817
6839
  this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache");
6840
+ this.performanceClient?.addFields({
6841
+ acntLoggedOut: true,
6842
+ }, request.correlationId);
6818
6843
  return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
6819
6844
  }
6820
6845
  }
6821
- await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, isKmsi(idTokenClaims || {}), request.storeInCache);
6846
+ await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, isKmsi(idTokenClaims || {}), apiId, request.storeInCache);
6822
6847
  }
6823
6848
  finally {
6824
6849
  if (this.persistencePlugin &&
@@ -6888,6 +6913,9 @@ class ResponseHandler {
6888
6913
  ? parseInt(serverTokenResponse.refresh_token_expires_in, 10)
6889
6914
  : serverTokenResponse.refresh_token_expires_in;
6890
6915
  rtExpiresOn = reqTimestamp + rtExpiresIn;
6916
+ this.performanceClient?.addFields({
6917
+ ntwkRtExpiresOnSeconds: rtExpiresOn,
6918
+ }, request.correlationId);
6891
6919
  }
6892
6920
  cachedRefreshToken = createRefreshTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.refresh_token, this.clientId, serverTokenResponse.foci, userAssertionHash, rtExpiresOn);
6893
6921
  }
@@ -7030,7 +7058,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
7030
7058
  return baseAccount;
7031
7059
  }
7032
7060
 
7033
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7061
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7034
7062
  /*
7035
7063
  * Copyright (c) Microsoft Corporation. All rights reserved.
7036
7064
  * Licensed under the MIT License.
@@ -7048,7 +7076,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
7048
7076
  }
7049
7077
  }
7050
7078
 
7051
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7079
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7052
7080
 
7053
7081
  /*
7054
7082
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7070,8 +7098,9 @@ class AuthorizationCodeClient extends BaseClient {
7070
7098
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
7071
7099
  * authorization_code_grant
7072
7100
  * @param request
7101
+ * @param apiId - API identifier for telemetry tracking
7073
7102
  */
7074
- async acquireToken(request, authCodePayload) {
7103
+ async acquireToken(request, apiId, authCodePayload) {
7075
7104
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientAcquireToken, request.correlationId);
7076
7105
  if (!request.code) {
7077
7106
  throw createClientAuthError(requestCannotBeMade);
@@ -7083,7 +7112,7 @@ class AuthorizationCodeClient extends BaseClient {
7083
7112
  const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin, this.performanceClient);
7084
7113
  // Validate response. This function throws a server error if an error is returned by the server.
7085
7114
  responseHandler.validateTokenResponse(response.body);
7086
- return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId);
7115
+ return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, apiId, authCodePayload, undefined, undefined, undefined, requestId);
7087
7116
  }
7088
7117
  /**
7089
7118
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
@@ -7283,7 +7312,7 @@ class AuthorizationCodeClient extends BaseClient {
7283
7312
  }
7284
7313
  }
7285
7314
 
7286
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7315
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7287
7316
 
7288
7317
  /*
7289
7318
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7298,7 +7327,7 @@ class RefreshTokenClient extends BaseClient {
7298
7327
  constructor(configuration, performanceClient) {
7299
7328
  super(configuration, performanceClient);
7300
7329
  }
7301
- async acquireToken(request) {
7330
+ async acquireToken(request, apiId) {
7302
7331
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireToken, request.correlationId);
7303
7332
  const reqTimestamp = nowSeconds();
7304
7333
  const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.RefreshTokenClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(request, this.authority);
@@ -7306,13 +7335,13 @@ class RefreshTokenClient extends BaseClient {
7306
7335
  const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID];
7307
7336
  const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin);
7308
7337
  responseHandler.validateTokenResponse(response.body);
7309
- return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, undefined, undefined, true, request.forceCache, requestId);
7338
+ return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, apiId, undefined, undefined, true, request.forceCache, requestId);
7310
7339
  }
7311
7340
  /**
7312
7341
  * Gets cached refresh token and attaches to request, then calls acquireToken API
7313
7342
  * @param request
7314
7343
  */
7315
- async acquireTokenByRefreshToken(request) {
7344
+ async acquireTokenByRefreshToken(request, apiId) {
7316
7345
  // Cannot renew token if no request object is given.
7317
7346
  if (!request) {
7318
7347
  throw createClientConfigurationError(tokenRequestEmpty);
@@ -7327,7 +7356,7 @@ class RefreshTokenClient extends BaseClient {
7327
7356
  // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest
7328
7357
  if (isFOCI) {
7329
7358
  try {
7330
- return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true);
7359
+ return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true, apiId);
7331
7360
  }
7332
7361
  catch (e) {
7333
7362
  const noFamilyRTInCache = e instanceof InteractionRequiredAuthError &&
@@ -7338,7 +7367,7 @@ class RefreshTokenClient extends BaseClient {
7338
7367
  e.subError === Errors.CLIENT_MISMATCH_ERROR;
7339
7368
  // if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART)
7340
7369
  if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) {
7341
- return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);
7370
+ return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false, apiId);
7342
7371
  // throw in all other cases
7343
7372
  }
7344
7373
  else {
@@ -7347,26 +7376,30 @@ class RefreshTokenClient extends BaseClient {
7347
7376
  }
7348
7377
  }
7349
7378
  // fall back to application refresh token acquisition
7350
- return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);
7379
+ return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false, apiId);
7351
7380
  }
7352
7381
  /**
7353
7382
  * makes a network call to acquire tokens by exchanging RefreshToken available in userCache; throws if refresh token is not cached
7354
7383
  * @param request
7355
7384
  */
7356
- async acquireTokenWithCachedRefreshToken(request, foci) {
7385
+ async acquireTokenWithCachedRefreshToken(request, foci, apiId) {
7357
7386
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId);
7358
7387
  // fetches family RT or application RT based on FOCI value
7359
7388
  const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, request.correlationId, undefined, this.performanceClient);
7360
7389
  if (!refreshToken) {
7361
7390
  throw createInteractionRequiredAuthError(noTokensFound);
7362
7391
  }
7363
- if (refreshToken.expiresOn &&
7364
- isTokenExpired(refreshToken.expiresOn, request.refreshTokenExpirationOffsetSeconds ||
7365
- DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS)) {
7366
- this.performanceClient?.addFields({ rtExpiresOnMs: Number(refreshToken.expiresOn) }, request.correlationId);
7367
- throw createInteractionRequiredAuthError(refreshTokenExpired);
7392
+ if (refreshToken.expiresOn) {
7393
+ const offset = request.refreshTokenExpirationOffsetSeconds ||
7394
+ DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS;
7395
+ this.performanceClient?.addFields({
7396
+ cacheRtExpiresOnSeconds: Number(refreshToken.expiresOn),
7397
+ rtOffsetSeconds: offset,
7398
+ }, request.correlationId);
7399
+ if (isTokenExpired(refreshToken.expiresOn, offset)) {
7400
+ throw createInteractionRequiredAuthError(refreshTokenExpired);
7401
+ }
7368
7402
  }
7369
- // attach cached RT size to the current measurement
7370
7403
  const refreshTokenRequest = {
7371
7404
  ...request,
7372
7405
  refreshToken: refreshToken.secret,
@@ -7377,11 +7410,10 @@ class RefreshTokenClient extends BaseClient {
7377
7410
  },
7378
7411
  };
7379
7412
  try {
7380
- return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest);
7413
+ return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest, apiId);
7381
7414
  }
7382
7415
  catch (e) {
7383
7416
  if (e instanceof InteractionRequiredAuthError) {
7384
- this.performanceClient?.addFields({ rtExpiresOnMs: Number(refreshToken.expiresOn) }, request.correlationId);
7385
7417
  if (e.subError === badToken) {
7386
7418
  // Remove bad refresh token from cache
7387
7419
  this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");
@@ -7492,7 +7524,7 @@ class RefreshTokenClient extends BaseClient {
7492
7524
  }
7493
7525
  }
7494
7526
 
7495
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7527
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7496
7528
 
7497
7529
  /*
7498
7530
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7590,7 +7622,7 @@ class SilentFlowClient extends BaseClient {
7590
7622
  }
7591
7623
  }
7592
7624
 
7593
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7625
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7594
7626
 
7595
7627
  /*
7596
7628
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7605,7 +7637,7 @@ const StubbedNetworkModule = {
7605
7637
  },
7606
7638
  };
7607
7639
 
7608
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7640
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7609
7641
 
7610
7642
  /*
7611
7643
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7829,7 +7861,7 @@ function extractLoginHint(account) {
7829
7861
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7830
7862
  }
7831
7863
 
7832
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7864
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7833
7865
 
7834
7866
  /*
7835
7867
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7887,7 +7919,7 @@ class AuthenticationHeaderParser {
7887
7919
  }
7888
7920
  }
7889
7921
 
7890
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7922
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7891
7923
 
7892
7924
  /*
7893
7925
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8150,7 +8182,7 @@ class ServerTelemetryManager {
8150
8182
  }
8151
8183
  }
8152
8184
 
8153
- /*! @azure/msal-common v15.13.3 2025-12-04 */
8185
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
8154
8186
  /*
8155
8187
  * Copyright (c) Microsoft Corporation. All rights reserved.
8156
8188
  * Licensed under the MIT License.
@@ -8158,7 +8190,7 @@ class ServerTelemetryManager {
8158
8190
  const missingKidError = "missing_kid_error";
8159
8191
  const missingAlgError = "missing_alg_error";
8160
8192
 
8161
- /*! @azure/msal-common v15.13.3 2025-12-04 */
8193
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
8162
8194
 
8163
8195
  /*
8164
8196
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8183,7 +8215,7 @@ function createJoseHeaderError(code) {
8183
8215
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
8184
8216
  }
8185
8217
 
8186
- /*! @azure/msal-common v15.13.3 2025-12-04 */
8218
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
8187
8219
 
8188
8220
  /*
8189
8221
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8223,7 +8255,7 @@ class JoseHeader {
8223
8255
  }
8224
8256
  }
8225
8257
 
8226
- /*! @azure/msal-common v15.13.3 2025-12-04 */
8258
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
8227
8259
 
8228
8260
  /*
8229
8261
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -9311,9 +9343,9 @@ const InMemoryCacheKeys = {
9311
9343
  };
9312
9344
  /**
9313
9345
  * API Codes for Telemetry purposes.
9314
- * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs
9315
9346
  * 0-99 Silent Flow
9316
9347
  * 800-899 Auth Code Flow
9348
+ * 900-999 Miscellaneous
9317
9349
  */
9318
9350
  const ApiId = {
9319
9351
  acquireTokenRedirect: 861,
@@ -9325,6 +9357,30 @@ const ApiId = {
9325
9357
  acquireTokenSilent_silentFlow: 61,
9326
9358
  logout: 961,
9327
9359
  logoutPopup: 962,
9360
+ hydrateCache: 963,
9361
+ loadExternalTokens: 964,
9362
+ };
9363
+ /**
9364
+ * API Names for Telemetry purposes.
9365
+ */
9366
+ const ApiName = {
9367
+ 861: "acquireTokenRedirect",
9368
+ 862: "acquireTokenPopup",
9369
+ 863: "ssoSilent",
9370
+ 864: "acquireTokenSilent_authCode",
9371
+ 865: "handleRedirectPromise",
9372
+ 866: "acquireTokenByCode",
9373
+ 61: "acquireTokenSilent_silentFlow",
9374
+ 961: "logout",
9375
+ 962: "logoutPopup",
9376
+ 963: "hydrateCache",
9377
+ 964: "loadExternalTokens",
9378
+ };
9379
+ const apiIdToName = (id) => {
9380
+ if (typeof id === "number" && id in ApiName) {
9381
+ return ApiName[id];
9382
+ }
9383
+ return "unknown";
9328
9384
  };
9329
9385
  /*
9330
9386
  * Interaction type of the API - used for state and telemetry
@@ -10340,7 +10396,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
10340
10396
 
10341
10397
  /* eslint-disable header/header */
10342
10398
  const name = "@azure/msal-browser";
10343
- const version = "4.27.0";
10399
+ const version = "4.28.1";
10344
10400
 
10345
10401
  /*
10346
10402
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12360,17 +12416,21 @@ class BrowserCacheManager extends CacheManager {
12360
12416
  if (!parsedAccount || !AccountEntity.isAccountEntity(parsedAccount)) {
12361
12417
  return null;
12362
12418
  }
12419
+ this.performanceClient.addFields({
12420
+ accountCachedBy: apiIdToName(parsedAccount.cachedByApiId),
12421
+ }, correlationId);
12363
12422
  return CacheManager.toObject(new AccountEntity(), parsedAccount);
12364
12423
  }
12365
12424
  /**
12366
12425
  * set account entity in the platform cache
12367
12426
  * @param account
12368
12427
  */
12369
- async setAccount(account, correlationId, kmsi) {
12428
+ async setAccount(account, correlationId, kmsi, apiId) {
12370
12429
  this.logger.trace("BrowserCacheManager.setAccount called");
12371
12430
  const key = this.generateAccountKey(AccountEntity.getAccountInfo(account));
12372
12431
  const timestamp = Date.now().toString();
12373
12432
  account.lastUpdatedAt = timestamp;
12433
+ account.cachedByApiId = apiId;
12374
12434
  await this.setUserData(key, JSON.stringify(account), correlationId, timestamp, kmsi);
12375
12435
  const wasAdded = this.addAccountKeyToMap(key, correlationId);
12376
12436
  this.performanceClient.addFields({ kmsi: kmsi }, correlationId);
@@ -13125,7 +13185,7 @@ class BrowserCacheManager extends CacheManager {
13125
13185
  * @param request
13126
13186
  */
13127
13187
  async hydrateCache(result, request) {
13128
- const idTokenEntity = createIdTokenEntity(result.account?.homeAccountId, result.account?.environment, result.idToken, this.clientId, result.tenantId);
13188
+ const idTokenEntity = createIdTokenEntity(result.account.homeAccountId, result.account.environment, result.idToken, this.clientId, result.tenantId);
13129
13189
  let claimsHash;
13130
13190
  if (request.claims) {
13131
13191
  claimsHash = await this.cryptoImpl.hashString(request.claims);
@@ -13137,7 +13197,7 @@ class BrowserCacheManager extends CacheManager {
13137
13197
  *
13138
13198
  * The next MSAL VFuture should map these both to same value if possible
13139
13199
  */
13140
- const accessTokenEntity = createAccessTokenEntity(result.account?.homeAccountId, result.account.environment, result.accessToken, this.clientId, result.tenantId, result.scopes.join(" "),
13200
+ const accessTokenEntity = createAccessTokenEntity(result.account.homeAccountId, result.account.environment, result.accessToken, this.clientId, result.tenantId, result.scopes.join(" "),
13141
13201
  // Access token expiresOn stored in seconds, converting from AuthenticationResult expiresOn stored as Date
13142
13202
  result.expiresOn
13143
13203
  ? toSecondsFromDate(result.expiresOn)
@@ -13150,7 +13210,7 @@ class BrowserCacheManager extends CacheManager {
13150
13210
  idToken: idTokenEntity,
13151
13211
  accessToken: accessTokenEntity,
13152
13212
  };
13153
- return this.saveCacheRecord(cacheRecord, result.correlationId, isKmsi(extractTokenClaims(result.idToken, base64Decode)));
13213
+ return this.saveCacheRecord(cacheRecord, result.correlationId, isKmsi(extractTokenClaims(result.idToken, base64Decode)), ApiId.hydrateCache);
13154
13214
  }
13155
13215
  /**
13156
13216
  * saves a cache record
@@ -13158,9 +13218,9 @@ class BrowserCacheManager extends CacheManager {
13158
13218
  * @param storeInCache {?StoreInCache}
13159
13219
  * @param correlationId {?string} correlation id
13160
13220
  */
13161
- async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
13221
+ async saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache) {
13162
13222
  try {
13163
- await super.saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache);
13223
+ await super.saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache);
13164
13224
  }
13165
13225
  catch (e) {
13166
13226
  if (e instanceof CacheError &&
@@ -13919,7 +13979,7 @@ class InteractionHandler {
13919
13979
  * Function to handle response parameters from hash.
13920
13980
  * @param locationHash
13921
13981
  */
13922
- async handleCodeResponse(response, request) {
13982
+ async handleCodeResponse(response, request, apiId) {
13923
13983
  this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponse, request.correlationId);
13924
13984
  let authCodeResponse;
13925
13985
  try {
@@ -13935,7 +13995,7 @@ class InteractionHandler {
13935
13995
  throw e;
13936
13996
  }
13937
13997
  }
13938
- return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request);
13998
+ return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request, apiId);
13939
13999
  }
13940
14000
  /**
13941
14001
  * Process auth code response from AAD
@@ -13945,7 +14005,7 @@ class InteractionHandler {
13945
14005
  * @param networkModule
13946
14006
  * @returns
13947
14007
  */
13948
- async handleCodeResponseFromServer(authCodeResponse, request, validateNonce = true) {
14008
+ async handleCodeResponseFromServer(authCodeResponse, request, apiId, validateNonce = true) {
13949
14009
  this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponseFromServer, request.correlationId);
13950
14010
  this.logger.trace("InteractionHandler.handleCodeResponseFromServer called");
13951
14011
  // Assign code to request
@@ -13971,7 +14031,7 @@ class InteractionHandler {
13971
14031
  }
13972
14032
  }
13973
14033
  // Acquire token with retrieved code.
13974
- const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, authCodeResponse));
14034
+ const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, apiId, authCodeResponse));
13975
14035
  return tokenResponse;
13976
14036
  }
13977
14037
  /**
@@ -14519,7 +14579,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
14519
14579
  */
14520
14580
  async cacheAccount(accountEntity, correlationId, kmsi) {
14521
14581
  // Store the account info and hence `nativeAccountId` in browser cache
14522
- await this.browserStorage.setAccount(accountEntity, this.correlationId, kmsi);
14582
+ await this.browserStorage.setAccount(accountEntity, this.correlationId, kmsi, this.apiId);
14523
14583
  // Remove any existing cached tokens for this account in browser storage
14524
14584
  this.browserStorage.removeAccountContext(AccountEntity.getAccountInfo(accountEntity), correlationId);
14525
14585
  }
@@ -14548,7 +14608,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
14548
14608
  idToken: cachedIdToken,
14549
14609
  accessToken: cachedAccessToken,
14550
14610
  };
14551
- return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, isKmsi(idTokenClaims), request.storeInCache);
14611
+ return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, isKmsi(idTokenClaims), this.apiId, request.storeInCache);
14552
14612
  }
14553
14613
  getExpiresInValue(tokenType, expiresIn) {
14554
14614
  return tokenType === AuthenticationScheme.POP
@@ -14923,7 +14983,7 @@ async function handleResponseCode(request, response, codeVerifier, apiId, config
14923
14983
  // Create popup interaction handler.
14924
14984
  const interactionHandler = new InteractionHandler(authClient, browserStorage, authCodeRequest, logger, performanceClient);
14925
14985
  // Handle response from hash string.
14926
- const result = await invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, logger, performanceClient, request.correlationId)(response, request);
14986
+ const result = await invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, logger, performanceClient, request.correlationId)(response, request, apiId);
14927
14987
  return result;
14928
14988
  }
14929
14989
  /**
@@ -14970,7 +15030,7 @@ async function handleResponseEAR(request, response, apiId, config, authority, br
14970
15030
  cloud_instance_name: decryptedData.cloud_instance_name,
14971
15031
  msgraph_host: decryptedData.msgraph_host,
14972
15032
  };
14973
- return (await invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, logger, performanceClient, request.correlationId)(decryptedData, authority, nowSeconds(), request, additionalData, undefined, undefined, undefined, undefined));
15033
+ return (await invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, logger, performanceClient, request.correlationId)(decryptedData, authority, nowSeconds(), request, apiId, additionalData, undefined, undefined, undefined, undefined));
14974
15034
  }
14975
15035
 
14976
15036
  /*
@@ -16784,7 +16844,7 @@ class SilentRefreshClient extends StandardInteractionClient {
16784
16844
  account: silentRequest.account,
16785
16845
  });
16786
16846
  // Send request to renew token. Auth module will throw errors if token cannot be renewed.
16787
- return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest).catch((e) => {
16847
+ return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest, ApiId.acquireTokenSilent_silentFlow).catch((e) => {
16788
16848
  e.setCorrelationId(this.correlationId);
16789
16849
  serverTelemetryManager.cacheFailedRequest(e);
16790
16850
  throw e;
@@ -16828,12 +16888,13 @@ class SilentRefreshClient extends StandardInteractionClient {
16828
16888
  * Token cache manager
16829
16889
  */
16830
16890
  class TokenCache {
16831
- constructor(configuration, storage, logger, cryptoObj) {
16891
+ constructor(configuration, storage, logger, cryptoObj, performanceClient) {
16832
16892
  this.isBrowserEnvironment = typeof window !== "undefined";
16833
16893
  this.config = configuration;
16834
16894
  this.storage = storage;
16835
16895
  this.logger = logger;
16836
16896
  this.cryptoObj = cryptoObj;
16897
+ this.performanceClient = performanceClient;
16837
16898
  }
16838
16899
  // Move getAllAccounts here and cache utility APIs
16839
16900
  /**
@@ -16848,30 +16909,37 @@ class TokenCache {
16848
16909
  throw createBrowserAuthError(nonBrowserEnvironment);
16849
16910
  }
16850
16911
  const correlationId = request.correlationId || createNewGuid();
16851
- const idTokenClaims = response.id_token
16852
- ? extractTokenClaims(response.id_token, base64Decode)
16853
- : undefined;
16854
- const kmsi = isKmsi(idTokenClaims || {});
16855
- const authorityOptions = {
16856
- protocolMode: this.config.auth.protocolMode,
16857
- knownAuthorities: this.config.auth.knownAuthorities,
16858
- cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
16859
- authorityMetadata: this.config.auth.authorityMetadata,
16860
- skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,
16861
- };
16862
- const authority = request.authority
16863
- ? new Authority(Authority.generateAuthority(request.authority, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, request.correlationId || createNewGuid())
16864
- : undefined;
16865
- const cacheRecordAccount = await this.loadAccount(request, options.clientInfo || response.client_info || "", correlationId, idTokenClaims, authority);
16866
- const idToken = await this.loadIdToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId, kmsi);
16867
- const accessToken = await this.loadAccessToken(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId, kmsi);
16868
- const refreshToken = await this.loadRefreshToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId, kmsi);
16869
- return this.generateAuthenticationResult(request, {
16870
- account: cacheRecordAccount,
16871
- idToken,
16872
- accessToken,
16873
- refreshToken,
16874
- }, idTokenClaims, authority);
16912
+ const rootMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.LoadExternalTokens, correlationId);
16913
+ try {
16914
+ const idTokenClaims = response.id_token
16915
+ ? extractTokenClaims(response.id_token, base64Decode)
16916
+ : undefined;
16917
+ const kmsi = isKmsi(idTokenClaims || {});
16918
+ const authorityOptions = {
16919
+ protocolMode: this.config.auth.protocolMode,
16920
+ knownAuthorities: this.config.auth.knownAuthorities,
16921
+ cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
16922
+ authorityMetadata: this.config.auth.authorityMetadata,
16923
+ skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,
16924
+ };
16925
+ const authorityString = request.authority || this.config.auth.authority;
16926
+ const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, correlationId, this.performanceClient);
16927
+ const cacheRecordAccount = await invokeAsync(this.loadAccount.bind(this), PerformanceEvents.LoadAccount, this.logger, this.performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, authority, idTokenClaims);
16928
+ const idToken = await invokeAsync(this.loadIdToken.bind(this), PerformanceEvents.LoadIdToken, this.logger, this.performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId, kmsi);
16929
+ const accessToken = await invokeAsync(this.loadAccessToken.bind(this), PerformanceEvents.LoadAccessToken, this.logger, this.performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId, kmsi);
16930
+ const refreshToken = await invokeAsync(this.loadRefreshToken.bind(this), PerformanceEvents.LoadRefreshToken, this.logger, this.performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId, kmsi);
16931
+ rootMeasurement.end({ success: true }, undefined, AccountEntity.getAccountInfo(cacheRecordAccount));
16932
+ return this.generateAuthenticationResult(request, {
16933
+ account: cacheRecordAccount,
16934
+ idToken,
16935
+ accessToken,
16936
+ refreshToken,
16937
+ }, authority, idTokenClaims);
16938
+ }
16939
+ catch (error) {
16940
+ rootMeasurement.end({ success: false }, error);
16941
+ throw error;
16942
+ }
16875
16943
  }
16876
16944
  /**
16877
16945
  * Helper function to load account to msal-browser cache
@@ -16882,23 +16950,23 @@ class TokenCache {
16882
16950
  * @param requestHomeAccountId
16883
16951
  * @returns `AccountEntity`
16884
16952
  */
16885
- async loadAccount(request, clientInfo, correlationId, idTokenClaims, authority) {
16953
+ async loadAccount(request, clientInfo, correlationId, authority, idTokenClaims) {
16886
16954
  this.logger.verbose("TokenCache - loading account");
16887
16955
  if (request.account) {
16888
16956
  const accountEntity = AccountEntity.createFromAccountInfo(request.account);
16889
- await this.storage.setAccount(accountEntity, correlationId, isKmsi(idTokenClaims || {}));
16957
+ await this.storage.setAccount(accountEntity, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
16890
16958
  return accountEntity;
16891
16959
  }
16892
- else if (!authority || (!clientInfo && !idTokenClaims)) {
16893
- this.logger.error("TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead.");
16960
+ else if (!clientInfo && !idTokenClaims) {
16961
+ this.logger.error("TokenCache - if an account is not provided on the request, clientInfo or idToken must be provided instead.");
16894
16962
  throw createBrowserAuthError(unableToLoadToken);
16895
16963
  }
16896
16964
  const homeAccountId = AccountEntity.generateHomeAccountId(clientInfo, authority.authorityType, this.logger, this.cryptoObj, idTokenClaims);
16897
16965
  const claimsTenantId = idTokenClaims?.tid;
16898
- const cachedAccount = buildAccountToCache(this.storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.hostnameAndPort, claimsTenantId, undefined, // authCodePayload
16966
+ const cachedAccount = buildAccountToCache(this.storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
16899
16967
  undefined, // nativeAccountId
16900
16968
  this.logger);
16901
- await this.storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}));
16969
+ await this.storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
16902
16970
  return cachedAccount;
16903
16971
  }
16904
16972
  /**
@@ -16967,9 +17035,15 @@ class TokenCache {
16967
17035
  this.logger.verbose("TokenCache - no refresh token found in response");
16968
17036
  return null;
16969
17037
  }
17038
+ const expiresOn = response.refresh_token_expires_in
17039
+ ? response.refresh_token_expires_in + nowSeconds()
17040
+ : undefined;
17041
+ this.performanceClient.addFields({
17042
+ extRtExpiresOnSeconds: expiresOn,
17043
+ }, correlationId);
16970
17044
  this.logger.verbose("TokenCache - loading refresh token");
16971
17045
  const refreshTokenEntity = createRefreshTokenEntity(homeAccountId, environment, response.refresh_token, this.config.auth.clientId, response.foci, undefined, // userAssertionHash
16972
- response.refresh_token_expires_in);
17046
+ expiresOn);
16973
17047
  await this.storage.setRefreshTokenCredential(refreshTokenEntity, correlationId, kmsi);
16974
17048
  return refreshTokenEntity;
16975
17049
  }
@@ -16981,7 +17055,7 @@ class TokenCache {
16981
17055
  * @param authority
16982
17056
  * @returns `AuthenticationResult`
16983
17057
  */
16984
- generateAuthenticationResult(request, cacheRecord, idTokenClaims, authority) {
17058
+ generateAuthenticationResult(request, cacheRecord, authority, idTokenClaims) {
16985
17059
  let accessToken = "";
16986
17060
  let responseScopes = [];
16987
17061
  let expiresOn = null;
@@ -17074,7 +17148,7 @@ class SilentAuthCodeClient extends StandardInteractionClient {
17074
17148
  msgraph_host: request.msGraphHost,
17075
17149
  cloud_graph_host_name: request.cloudGraphHostName,
17076
17150
  cloud_instance_host_name: request.cloudInstanceHostName,
17077
- }, silentRequest, false);
17151
+ }, silentRequest, this.apiId, false);
17078
17152
  }
17079
17153
  catch (e) {
17080
17154
  if (e instanceof AuthError) {
@@ -17187,7 +17261,7 @@ class StandardController {
17187
17261
  };
17188
17262
  this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
17189
17263
  // Initialize the token cache
17190
- this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto);
17264
+ this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto, this.performanceClient);
17191
17265
  this.activeSilentTokenRequests = new Map();
17192
17266
  // Register listener functions
17193
17267
  this.trackPageVisibility = this.trackPageVisibility.bind(this);
@@ -18017,7 +18091,7 @@ class StandardController {
18017
18091
  this.logger.verbose("hydrateCache called");
18018
18092
  // Account gets saved to browser storage regardless of native or not
18019
18093
  const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost);
18020
- await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims));
18094
+ await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims), ApiId.hydrateCache);
18021
18095
  if (result.fromNativeBroker) {
18022
18096
  this.logger.verbose("Response was from native broker, storing in-memory");
18023
18097
  // Tokens from native broker are stored in-memory
@@ -19295,7 +19369,7 @@ class NestedAppAuthController {
19295
19369
  async hydrateCache(result, request) {
19296
19370
  this.logger.verbose("hydrateCache called");
19297
19371
  const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost);
19298
- await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims));
19372
+ await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims), ApiId.hydrateCache);
19299
19373
  return this.browserStorage.hydrateCache(result, request);
19300
19374
  }
19301
19375
  }